RSA 2012: Symantec Bets on Cloud, Mobile, and Virtualization Security

Jeff James

Thu, 2012-03-08 09:00

Symantec had a host of security-related news to share at RSA
last week, but that wasn't all. The security solution giant released a
fair amount of mobile security news at the Mobile World Congress (MWC)
in Barcelona during the same period. Symantec's raft of announcements
largely fell into four categories: Cloud security with Symantec O3
Cloud Identity and Access Control; mobile security with a number of
mobile-focused apps, services, and updates; enhanced integration with VMware virtualization and cloud products; and a partnership with the Cloud Security Alliance (CSA) that will see Symantec developing training products and services for cloud security training. The week before RSA we spoke with Symantec's Dave Elliott, Director
of Global Cloud Marketing, for background on Symantec's announcements.

Symantec O3 Cloud Identity and Access Control
One of the biggest barriers to cloud computing adoption in the
enterprise is handling user identity and access in consistent ways.
Looking at our own internal IT structure at Penton Media, we rely on
several cloud-based services, mainly for reporting expenses, booking
travel, and performing many other necessary (but unglamorous) business
tasks. Each of these services requires a separate username and
password, which makes it difficult to apply consistent security
policies across on-premise and off-premise IT resources.

"Security is consistently identified by enterprises as the top
inhibitor to the adoption of cloud computing," says Gartner VP Neil
MacDonald. "Since we don’t own or control the infrastructure that
cloud-based services are delivered from, there is an increasing need to
inject security policy such as identity mapping, encryption and access
control between users and the cloud-based services they are consuming."

Like several other providers, Symantec now is taking a crack at solving
that problem with the unveiling of Symantec O3 Cloud Identity and
Access Control. According to Symantec's Elliott, O3 will integrate with
an existing on-premise authentication, authorization and password
management structures, and extend those policies into the cloud.

"One of the key features of Symantec O3 is that it provides
single sign-on for more than 100 external cloud services," Elliott
said. "We gained a lot of expertise [in cloud-based security] when we
acquired services from Verisign...that team knows how to build hosted
web services, and O3 is layered on top of that." Elliott added that O3
will also integrate with Symantec's existing Validation and ID
Protection Service (VIP), which allows established VPN credentials to
be used in a cloud context.

Symantec Mobile Security InitiativesSecuring mobile devices has been another hot topic for IT
professionals, and Symantec unveiled a host of new mobile security
efforts at MWC. Symantec's new O3 platform will integrate with
Symantec's enterprise mobility platform, and Symantec's new Mobile
Management for Microsoft System Center Configuration Manager promises
to give users of that platform more mobile security controls and
options. Other Symantec mobile security announcements included a new Symantec Mobile Security app for
Android devices and a new data loss prevention (DLP) product for
tablets.

Symantec Integration with VMware Products
Symantec also announced a number of new integration points with
VMware's cloud and virtualization products, including: Symantec Data
Loss Prevention integration with VMware vShield; upcoming VMware
vSphere 5 support for Symantec Critical System Protection; integration between the new
Symantec Security Information Manager (SSIM) and VMware's vShield log collector for improved security insight into
VMware virtual machines; improved alignment with VMware security standards in the Symantec Control Compliance Suite; and Symantec's Managed Security
Service (MSS) will soon add support for VMware vShield log management.

Symantec CSA Training Partnership
The Cloud Security Alliance (CSA) has been advancing the
cause of security in the cloud for several years, and that effort took a step forward
with the news that Symantec and the CSA has partnered to provide some
training resources for IT professionals. In a statement supporting the
announcement, CSA Executive Director Jim Reavis said that the training
will help companies keep their data secure in the more fluid IT
environment of the cloud.

"The Cloud Security Alliance (CSA) believes in the importance of having
standards and best practices governing cloud security, and that is why
we are pleased to partner with Symantec to deliver training for the
Certificate of Cloud Security Knowledge (CCSK) exam," Reavis said.
"This partnership will give IT Security Professionals the knowledge and
hands-on experience they need to effectively protect their companies'
data in the cloud."

Are you a current Symantec customer? I'd love to hear your feedback on
these new announcements. Just add a comment to this blog post or
contribute to the discussion on Twitter.